Proton’s CEO on AI Privacy: The One Risk That Worries Him Most

AI tools are now part of everyday life—helping with writing, research, and even personal organization. But as adoption grows, so do concerns about how these tools handle our data. In a recent interview with Spiceworks, Proton’s CEO Andy Yen acknowledged that privacy in the AI era is achievable, but he also pointed to one specific threat that keeps him up at night.

What happened

Yen’s remarks came during a broader discussion about the future of privacy-focused technology. Proton—known for its encrypted email, VPN, and cloud storage—has been working to add AI features without compromising user confidentiality. The interview, published on June 4, 2026, covered how the company approaches this balance.

The core of Yen’s concern is the concentration of user data in the hands of a few large AI providers. When people use popular AI assistants or chatbots, their input—along with contextual information—often gets sent to remote servers for processing. Over time, this creates vast datasets that can be used to train models, sometimes without explicit user knowledge or consent. Yen described this centralization as a systemic risk, because once data leaves a user’s device, control is largely surrendered.

Why it matters

This worry is not hypothetical. Several incidents have already shown how AI tools can inadvertently expose private information, from leaked chat histories to models regurgitating personal details. The problem is compounded by the opacity of many commercial AI systems: users rarely know what data is retained, how it is used, or whether it can be deleted later.

Yen’s point is that privacy is not simply a feature you can toggle on. It requires design decisions at the architectural level. If an AI tool relies on cloud-based processing by default, every query becomes a potential privacy leak. For individuals, journalists, or businesses handling sensitive information, this is a deal-breaker. For the average user, it means that convenience often comes at the cost of long-term data exposure.

Proton’s approach

Proton’s answer to this problem is to process AI tasks locally whenever possible. Their smart compose feature, for example, runs on the user’s device rather than sending text to a remote server. This way, the AI can assist without ever seeing the raw data. Encryption remains end-to-end, and the company does not have access to user content.

Of course, not all AI workloads can be handled locally—some require more processing power or access to large models. In those cases, Proton uses techniques like differential privacy or anonymized aggregation. The key principle is to minimize data collection and give users clear choices about what gets shared.

What readers can do

You don’t have to wait for companies to get privacy right. Here are practical steps you can take today:

  • Choose AI tools that offer offline or on-device processing. Look for options labeled “local AI” or “on-device.” This is common in writing assistants, transcription apps, and photo editors.
  • Check privacy policies for data retention clauses. Some tools store your conversations indefinitely. Prefer services that allow you to delete your history, or that don’t log inputs at all.
  • Use a VPN or encrypted email when sharing sensitive information with AI services. This adds a layer of protection, though it doesn’t fix the underlying data-sharing issue.
  • Disable cloud-based AI features in apps you already use. Many productivity tools have AI suggestions turned on by default. You can often switch them off in settings.
  • Consider open-source alternatives. These allow you or the community to audit how data is handled. Examples include LocalAI or private LLM runners like Ollama.

None of these steps are perfect, but they reduce your exposure. The most effective long-term fix is to demand that AI companies treat data privacy as a foundational requirement rather than an afterthought.

Sources

  • Spiceworks, “Privacy in the AI era is possible, says Proton’s CEO, but one thing keeps him up at night,” June 4, 2026.
  • Additional context from Proton’s public documentation on their AI features and privacy commitments.